Protecting a control vector in an optional block of a standard key block

ABSTRACT

A computer program product is provided and includes a tangible storage medium readable by a processing circuit and on which instructions are stored for execution by the processing circuit for validating parameters passed to a parameter database, computing a length required for control vector CV data, preparing an optional block in accordance with a result of the computation, converting the CV to a format for a standardized key block while copying the converted CV into the optional block and updating optional block data in the standardized key block.

BACKGROUND

The present invention relates to data processing, and more specifically,to cryptography methods and structures.

Vendors of security software have proprietary key management datastructures and control mechanisms to aid in the implementation ofcustomer key management policies. These data structures are called keytokens or key blocks. Recently, as the need for increased security hasgrown, different entities have begun to use varied key management datastructures from different vendors. This has led to a need for aninterface between such varied key management data structure systems ofthe different vendors.

A technical report (TR) was thus developed through the American NationalStandards Institute (ANSI) X9 working group to create a format for keyexchange between interested parties. This format is referred to as TR-31and specifies that the layout of a standardized key block includesseveral data fields for key type, algorithm and control, as well aswrapping mechanisms that use another key to wrap the key as an opaquedata block placed in a payload after the key block. The wrappingmechanism specifies a method of cryptographically binding key controlinformation into the key block as part of the wrapping mechanism. Inparticular, a TR-31 key block defines attribute fields for key usage,key management and wrapping information along with several other fieldsfor other purposes. A TR-31 key block does not, however, specify methodsfor mapping proprietary key data structures to the TR-31 key block.

For example, a given cryptographically enabled computing system mayinclude a hardware security module (HSM) that implements a CommonCryptographic Architecture (CCA), which specifies a byte array of keycontrol information (i.e., a Control Vector (CV)), which iscryptographically bound in a key token to a cryptographic key. In thiscase, the CV controls the key control information inside the HSM secureboundary and concerns key usage and key management, with datarepresenting a key type, a key sub-type, key management policies and keyusage policies. The key type is the broad capability the key may be usedfor, such as enciphering and/or deciphering data, wrapping or unwrappingkeys, computing or verifying message authentication codes, use invarious financial operations, such as encrypting or decrypting PINinformation, and generating or verifying PIN information. The keysub-type is a restriction on key capability within actions supported bythe key type, such as limiting the key to only be used for encipheringdata or deciphering data, but not for both. Key management policiescontrols how the key may be distributed (or not distributed), such aswhether the key is exportable to another system (at all) and, if so,whether it is exportable while being wrapped in a TR-31 key block. Thekey usage policies controls how the key may be used beyond those limitsimposed by type and sub-type, such as limits on types of data that canbe processed (for keys that will be encipher/decipher keys) or types ofkeys that may be wrapped with the key (for keys that will be used forwrapping/unwrapping other keys). As mentioned above, methods fortranslating such CCA CV data into a representation appropriate for theTR-31 key block have not been specified.

SUMMARY

According to an aspect of the invention, a computer program product isprovided and includes a tangible storage medium readable by a processingcircuit and on which instructions are stored for execution by theprocessing circuit for performing a method. The method includesvalidating parameters passed to a parameter database, computing a lengthrequired for control vector (CV) data, preparing an optional block inaccordance with a result of the computation, converting the CV to aformat for a standardized key block while copying the converted CV intothe optional block and updating optional block data in the standardizedkey block.

According to another aspect of the present invention, a method isprovided. The method includes validating parameters passed to aparameter database, computing a length required for control vector (CV)data, preparing an optional block in accordance with a result of thecomputation, converting the CV to a format for a standardized key blockwhile copying the converted CV into the optional block and updatingoptional block data in the standardized key block.

According to yet another aspect of the present invention, a system isprovided. The system includes a processing circuit configured to performa method. The method includes validating parameters passed to aparameter database, computing a length required for control (CV) data,preparing an optional block in accordance with a result of thecomputation, converting the CV to a format for a standardized key blockwhile copying the converted CV into the optional block and updatingoptional block data in the standardized key block.

Additional features and advantages are realized through the techniquesof the present invention. Other embodiments and aspects of the inventionare described in detail herein and are considered a part of the claimedinvention. For a better understanding of the invention with theadvantages and the features, refer to the description and to thedrawings.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

The subject matter which is regarded as the invention is particularlypointed out and distinctly claimed in the claims at the conclusion ofthe specification. The forgoing and other features, and advantages ofthe invention are apparent from the following detailed description takenin conjunction with the accompanying drawings in which:

FIG. 1 is a schematic diagram of a computing system;

FIG. 2 is a diagram of key block fields;

FIG. 3 is a flow diagram illustrating a method of mapping keyinformation in an export operation;

FIG. 4 is a flow diagram illustrating a method of building optionalblocks;

FIG. 5 is a flow diagram illustrating a method of protecting a controlvector in an optional block;

FIG. 6 is a flow diagram illustrating a method of mapping keyinformation in an import operation; and

FIG. 7 is a flow diagram illustrating a method of parsing optional blockdata.

DETAILED DESCRIPTION

Aspects of the present invention concern a method for mapping key tokencontrol information to data fields specified by a standard key block,where the method includes an export operation. An output key block willcontain key control information cryptographically bound to key materialvia a wrapping method of the standard key block. That key controlinformation will be derived from the key token and disambiguationinformation for guiding the translation, which is specified prior to orduring the export operation. Aspects of the present invention alsoconcern a method for iteratively building a valid bundle of optionalblocks for use as input in later creating a standardized key block.Aspects of the present invention also specify a method of encoding thekey token information in a representation suitable for use in the keyblock optional blocks and a method for securely recording that thisoperation is allowed or not allowed.

Aspects of the present invention also concern a method for mappinginformation of data fields specified by a standard key block to keytoken information, where the method includes an import operation. Thisis distinct from the export case for reasons that the securitytrade-offs are asymmetric and, on import, a local system may becompromised. The output key token will contain key control informationcryptographically bound to the key material via a defined wrappingmethod. That key control information will be derived from the keycontrol information in the standard key block and disambiguationinformation for guiding the translation, which is specified prior to orduring the export operation. Aspects of the present invention alsoconcern a method for parsing and validating a standard key block andreturning specific and/or requested information about optional blockdata resident in the key block.

With reference to FIG. 1, a computing system 10 is provided as an accesscontrol system in which capabilities of users are limited by service andby specific functions that are executable within that service. Eachcapability is referred to as an access control point (ACP). The accesscontrol system which manages the ACPs for user operations may beembodied to control access within cryptographic processing systems thatinclude at least first and second computing devices 20 and 30.

The first and second computing devices 20 and 30 are connected to oneanother via a wired or wireless network 40. Each of the first and secondcomputing devices 20 and 30 includes a tangible storage medium 21 and 31that is readable by a processing circuit 22 and 32 and has executableinstructions stored thereon for execution by the processing circuit 22and 32 for performing one or more of the methods described herein. Inparticular, each of the first and second computing devices 20 and 30includes a respective hardware security module (HSM) cooperativelydefined by the respective storage medium 21, 31 and the respectiveprocessing circuit 22, 32. The respective HSMs handle the binding of keycontrol information to cryptographic keys among other duties and eachmay implement any one or more of several architectures to this end. Assuch, the respective HSMs may implement the same or differentarchitectures.

In an exemplary case, the HSM of the first computing device 20implements the common cryptographic architecture (CCA) and is instructedto send to the second computing device 30 a key token 100, whichincludes key control information and a cryptographic key to which thekey control information is cryptographically bound. Thus, since the HSMsof each the first and second computing devices 20 and 30 may or may notimplement the same architectures, it will be necessary for the HSM ofthe first computing device 20 to export the key control information in asecure manner to a standardized key block by way of a parameter database201 and a translation table 202, which are each stored in the storagemedium 21, and for the HSM of the second computing device 30 to importthe exported key control information from the key block by way of aparameter database 301 and a translation table 302, which are eachstored in the storage medium 31.

As noted above, the HSMs may each implement the same (i.e., the CCA) ordifferent architectures but, in either case, it may be necessary for theHSM of the first computing device 20 to modify the key token 100 tothereby generate the standardized key block 400 (hereinafter referred toas “key block 400”), which includes the key control information that hasbeen exported. It may be further necessary for the HSM of the secondcomputing device 30, having received the key block 400, to import thekey control information from the key block 400 and into a new key token500. Thus, the HSMs of the first and second computing devices 20 and 30may be required to execute a translation of information with respect tothe key block 400 (i.e., either by translating information into a formatof the key block 400 in an export operation or vice versa in an importoperation).

In the example of the HSMs each using the CCA, the translation tables202, 302 provide a mapping to/from various key block 400 usage and modevalues from/to CV key type and sub-type values. The “Output CCA Type”values and “Output CCA Usage” values are defined according to the CCAdocumentation. Each translation may require a potentially unique ACP tobe enabled and, in this way, system security administrators can directlycontrol by user which CCA key types that user is allowed to import fromthe key block 400 format. This is important since key blocks 400 areoften importable to more than 1 CCA Type and Sub-Type combination.

While the description provided herein may relate to multiplearchitectures for cryptographically binding key control information tocryptographic keys and to any standardized key block, for purposes ofclarity and brevity it will be assumed that the respective HSM of eachof the first and second computing devices 20 and 30 implements the CCAand that the key block 400 is that of the ANSI TR-31 (hereinafter“TR-31”).

With reference to FIG. 2, the key block 400 includes at least nine keyblock fields as follows. The key block version identification (ID) field410 identifies a version of the key block 400 that itself defines amethod by which the key block 400 is cryptographically protected andfurther identified content and layout of the key block 400. The keyblock length field 420 provides a length of the key block 400. The keyusage field 430 provides information about an intended function of theprotected key and/or sensitive data that is cryptographically bound tothe key block 400. The algorithm field 440 indicates the algorithm forwhich the protected key and/or sensitive data that is cryptographicallybound to the key block 400 may be used. The modes of use field 450defines an operation the protected key and/or sensitive data that iscryptographically bound to the key block 400 can perform. The keyversion number field 460 is a character version number to indicate thatcontents of the key block 400 are components of old keys or to preventre-injection of old keys. The exportability field 470 defines whetherthe protected key and/or sensitive data that is cryptographically boundto the key block 400 may be transferred outside the cryptographicdomain. The number of optional blocks field 480 defines a number ofoptional blocks included in the key block 400. The optional blocks field490 includes a variable number of optional blocks that each contain anID, length information and variable length data.

In an export operation, a user of the first computing device 20 passesthe following parameters to an object such as the parameter database201, which is accessed by the HSM of the first computing device 20 toexport the key control information to the key block 400. The parametersinclude rule array keywords that are indicative of correspondinginstructions, such as a single key block protection method to be placedin the key block version ID field 410, a key usage value for the outputkey block 400 to be placed in the key usage field 430, a mode of key useto be placed in the modes of use field 450, an optional export controlcode to set the exportability field 470 and an optional control vectortransport control to be placed in the optional blocks field 490.

The key block protection method may be any one of a VARXOR-A type usingthe variant method corresponding to TR31-KBV and is identified by an “A”being placed in the key block version ID field 410, a VARDRV-B typeusing the key derivation method corresponding to TR31-KBV and isidentified by a “B” being placed in the key block version ID field 410and a VARXOR-C type using the variant method corresponding to TR31-KBVand is identified by a “C” being placed in the key block version IDfield 410.

The key usage value may be any one of a base derivation key having akeyword “BDK,” which is identified by “B0” being placed in the key usagefield 430, a card verification key having a keyword “CVK,” which isidentified by “C0” being placed in the key usage field 430, a dataencryption key have a keyword “ENC,” which is identified by “D0” beingplaced in the key usage field 430, an EMV application cryptogram masterkey having a keyword “EMVACMK,” which is identified by “E0” being placedin the key usage field 430, an EMV secure messaging for confidentialitymaster key having a keyword “EMVSCMK,” which is identified by “E1” beingplaced in the key usage field 430, an EMV secure messaging for integritymaster key having a keyword “EMVSIMK,” which is identified by “E2” beingplaced in the key usage field 430, an EMV data authentication code keyhaving a keyword “EMVDAMK,” which is identified by “E3” being placed inthe key usage field 430, an EMV dynamic numbers master key having akeyword “EMVDNMK,” which is identified by “E4” being placed in the keyusage field 430, an EMV card personalization master key having a keyword“EMVCPMK,” which is identified by “E5” being placed in the key usagefield 430, a key-encrypting key having a keyword “KEK,” which isidentified by “K0” being placed in the key usage field 430, akey-encrypting key for wrapping TR-31 blocks having a keyword“KEK-WRAP,” which is identified by “K1” being placed in the key usagefield 430, a key for ISO 16609 MAC algorithm 1 using TDES having akeyword “ISOMAC0,” which is identified by “M0” being placed in the keyusage field 430, a key for ISO 9797-1 MAC algorithm 1 having a keyword“ISOMAC1,” which is identified by “M1” being placed in the key usagefield 430, a key for ISO 9797-1 MAC algorithm 3 having a keyword“ISOMAC3,” which is identified by “M3” being placed in the key usagefield 430, a PIN encryption key having a keyword “PINENC,” which isidentified by “P0” being placed in the key usage field 430, a PINverification key, an “other” algorithm having a keyword “PINVO,” whichis identified by “V0” being placed in the key usage field 430, a PINverification key for IBM 3624 algorithm having a keyword “PINV3624,”which is identified by “V1” being placed in the key usage field 430, anda PIN verification key, VISA PVV algorithm having a keyword “VISAPVV,”which is identified by a “V2” being placed in the key usage field 430.

The mode of key use may be any one of encrypt and decrypt having akeyword “ENCDEC,” which is identified by a “B” being placed in the modesof use field 450, decrypt only having a keyword “DEC-ONLY,” which isidentified by a “D” being placed in the modes of use field 450, encryptonly having a keyword “ENC-ONLY,” which is identified by an “E” beingplaced in the modes of use field 450, MAC or PIN generate and verifyhaving a keyword “GENVER,” which is identified by a “C” being placed inthe modes of use field 450, MAC or PIN generate only having a keyword“GEN-ONLY,” which is identified by a “G” being placed in the modes ofuse field 450, MAC or PIN verify only having a keyword “VER-ONLY,” whichis identified by a “V” being placed in the modes of use field 450, keyDerivation having a keyword “DERIVE,” which is identified by an “X”being placed in the modes of use field 450 and any mode allowed having akeyword “ANY,” which is identified by an “N” being placed in the modesof use field 450.

The optional export control code to set the exportability field 470 mayindicate any one of export being allowed using any key-encrypting keyhaving a keyword “EXP-ANY,” which is identified by an “S” being placedin the exportability field 470, export being allowed using a trustedkey-encrypting key, as defined in the standards for the key block 400,having a keyword “EXP-TRST,” which is identified by an “E” being placedin the exportability field 470 and export being prohibited having akeyword “EXP-NONE,” which is identified by an “N” being placed in theexportability field 470. The optional control vector transport controlto be placed in the optional blocks field 490 may indicate any one of aninstruction to include a CV as an optional field in the key block 400header having a keyword “INCL-CV” where the key usage field 430 and themodes of use field 450 will be set to non-numeric values according tothe translations described below and an instruction to include the CV asan optional field in the key block 400 header having a keyword “ATTR-CV”where the key usage field 430 and the modes of use field 450 are set topredefined values.

The parameters further include a “key version number,” a “key fieldlength,” a “source key identifier length,” a “source key identifier,” an“unwrap kek identifier length,” an “unwrap kek identifier,” a “wrap kekidentifier length,” a “wrap kek identifier,” an “opt blks length,” an“opt blocks,” a “tr31 key block length” and a “tr31 key block.” The keyversion number parameter may be a two byte number and may be copied intothe key version number field 460 of the key block 400 unless the sourcekey identifier parameter in the key token 100 is a key part in whichcase this parameter will be ignored and the key version number fieldwill be set to a value of “c0.” The key field length parameter may be aninteger parameter that specifies a length of a key field encrypted inthe key block 400. In accordance with embodiments, the length is amultiple of 8 and greater than or equal to a length of a “cleartext” keypassed in the key token 100 with the source key identifier parameterplus a length of a 2-byte key length that precedes this key in the keyblock 400. The source key identifier length parameter points to aninteger specifying a length of the source key identifier parameter. Thesource key identifier parameter points to a string variable containingthe key token 100 to be exported. The unwrap kek identifier lengthparameter points to an integer specifying a length of the unwrap kekidentifier parameter. The unwrap kek identifier parameter points to astring variable containing the key token 100 containing a wrapping keyfor unwrapping if the key token 100 in the source key identifierparameter is wrapped under a different key than the key kept inside theHSM of the first computing device 20. If no wrap kek identifierparameter is specified, this parameter will be used for wrapping the keyblock 400. The wrap kek identifier length parameter points to an integerspecifying a length of the wrap kek identifier parameter. The wrap kekidentifier points to a string variable containing the key token 100containing the wrapping key for wrapping the key block 400. The opt blkslength parameter points to an integer variable which specifies a lengthof the opt blocks parameter. The opt blocks parameter points to a buffercontaining an array of optional blocks to be included in the output keyblock 400. The array of optional blocks may be required to have beenprepared in a proper format previously. The tr31 key block lengthparameter points to an integer specifying a length of the tr31 key blockparameter. In accordance with embodiments, on input, the tr31 key blocklength parameter specifies a size of the buffer available for the outputkey block 400 and, on return, the tr31 key block length parameter isupdated to contain an actual length of that returned token. The tr31 keyblock points to a string variable where the output key block 400 will beplaced.

With reference to FIG. 3, the export process will now be described.Initially, conditions required for export are checked at operation 600.The checking includes a validation of the rule array parameter, thevalidation including a minimum number of keywords and only 1 from eachrequired group of keywords, and a verification that none of the rulearray, key version number, key field length, source key identifierlength, source key identifier, unwrap kek identifier length, unwrap kekidentifier, wrap kek identifier length, wrap kek identifier, opt blkslength, opt blocks, tr31 key block length and tr31 key block parametersare missing, as discovered in some embodiments by detecting nullpointers. If any parameters are absent (i.e., they are null pointers),the process aborts.

The checking of operation 600 further includes a validation of the keytoken 100 passed in the source key identifier, unwrap kek identifier andwrap kek identifier parameters. This validation includes a verificationthat the value passed with the source key identifier parameter is avalid key token 100 with version, length, control information and, ifnot, the process aborts. The validation further includes a verificationthat the value passed with the unwrap kek identifier is a valid keytoken 100 and, if not, the process aborts. When both the source keyidentifier parameter and the unwrap kek identifier parameter have beenparsed, the key material in the source key identifier is unwrapped usingeither the unwrap kek identifier parameter or the wrapping keymaintained inside the HSM of the first computing device 20. Thevalidation still further includes a verification that the value passedwith the wrap kek identifier is a valid key token 100 and if any tokenwas passed. If not, the process aborts.

The checking of operation 600 further includes a verification of whetherthe key token 100 received in the unwrap kek identifier parameter has aCV with permission to unwrap or translate the source key identifierparameter, a verification of whether the key token 100 received in thewrap kek identifier parameter has a CV with permission to wrap ortranslate the source key identifier parameter and a validation ofwhether the key token 100 in the source key identifier parameter can beexported. It is also determined at this time whether the key token 100can be exported as the key block 400 with a check made as to whether therequested operation is authorized for appropriate ACPs.

If results of the checking of operation 600 are affirmative, the methodcontinues at operation 610 by preparing the key block 400. Thisoperation initially involves a validation of the key field lengthparameter and a validation of optional blocks passed in the opt blocksparameter. This validation involves duplicate block tags not beingallowed, numeric block tags being allowed, alphabetic block tags beingrequired to conform to standards, length fields being sufficient, acalculation of a num opt blocks parameter (if the count is greater thana predefined number, such as 99, the process aborts), a determination ofwhether a total length of the optional blocks section would force thekey block 400 total length to be too large and a copying of the optionalblocks to the optional blocks field 490.

The preparing of operation 610 further includes preparing any additionaloptional blocks, such as an optional block to carry an encoded versionof the source key identifier parameter CV, and a validation that the keyversion number is formatted properly. If the passed key version numberparameter starts with ‘c’ and the key token 100 is not partial, theprocess aborts. If the passed key version number parameter starts with‘c’ and the key token 100 is partial, the process uses the passedversion number instead of the default ‘c0’. If the passed key versionnumber parameter does not start with ‘c’ and the key token 100 ispartial, the key version number parameter will be completely ignored and‘c0’ will be used for the key block 400.

Following the preparing of operation 610, the method continues bycreating the key block 400 at operation 620. The creating of operation620 includes creating and filling an empty key block 400 structure anddetermining the CV translation method to be used for the key block 400.The determining includes preparing the optional blocks field 490 withthe CV and preparing the key usage field 430 and the modes of use field450 based on the CV as described in the translation table 202 if INCL-CVis passed to the parameter database 201. Alternatively, the determiningincludes preparing the optional blocks field 490 with the CV and settingthe key usage field 430 and the modes of use field 450 to predefinedvalues if ATTR-CV is passed to the parameter database 201. In accordancewith still another alternative, the determining includes preparing thekey usage field 430 and the modes of use field 450 based on the CV asdescribed in the translation table 202 if no keyword is passed to theparameter database 201.

Following the creating of operation 620, the key block 400 is finishedat operation 630. The finishing of operation 630 includes preparing akey carrying section of the key block 400 according to the prescribedwrapping method, concatenating the wrapped key section after theoptional blocks field 490 to create the key block 400 and copying thekey block to the tr31 key block parameter and updating the tr31 keyblock length to the final length.

In accordance with further aspects of the invention, a method isprovided whereby a valid array of optional blocks formatted for the keyblock 400 is iteratively built.

A user of the invention passes the following parameters, which are alldefined as pointers, to the parameter database 201 in accordance withthe invention, via other methods or by value. The parameters include anopt blocks bfr length parameter, an opt blocks length parameter, an optblocks parameter, a num opt blocks parameter, an opt block id parameter,an opt block data length parameter and an opt block data parameter. Theopt blocks bfr length parameter points to an integer containing a lengthof a buffer passed with the opt blocks parameter. This length is used todetermine if adding a new optional block to the current contents of thebuffer would overflow the buffer. The opt blocks length parameter pointsto an integer containing the length of the data in the opt blocksbuffer. On input, it specifies the length of the data currently in theoptional block. On output, it is updated with the length after the newoptional block has been added to the set of optional blocks in thatbuffer. The opt blocks parameter points to a buffer containing the setof optional blocks being built. Initially, it will be empty and then anoptional block will be appended to the buffer with each iteration. Theopt blocks bfr length parameter specifies the total length of thisbuffer, and an error will be returned if this length would be exceededby adding the optional block in the opt block data parameter to thecurrent contents. The num opt blocks parameter points to an integercontaining the number of optional blocks contained in the structurereturned in the opt blocks parameter. This is provided as an outputparameter so that it can subsequently be used as an input to processingthat may build a full key block 400. This parameter is not examined oninput and is only updated on successful output. The opt block idparameter points to a two-byte value which is to be the identifier tagof the optional block passed in the opt block data parameter. The optblock data length parameter points to an integer specifying the lengthof the data passed in the opt block data parameter. This length may bezero as an optional block may validly have a tag and a length but nodata. The opt block data parameter points to a buffer where theapplication passes the data for the optional block that is to be addedto those already in the buffer in the opt blocks parameter. The lengthof this data is specified in the opt block data length parameter.

With reference to FIG. 4, the method of iteratively building the validarray of optional blocks formatted for the key block 400 in accordancewith embodiments is illustrated.

The method includes an initial verifying operation 700 followed by aparsing operation 710. The verifying of operation 700 includes averification that none of the opt blocks bfr length, opt blocks length,opt blocks, num opt blocks, opt block id, opt block data length or optblock data parameters are absent (i.e., they are null pointers). If anyare null, the process aborts. Next, it is verified that none of the optblocks bfr length, opt blocks length, num opt blocks, opt block datalength integer parameters have a negative value (i.e., they have a valuethat is greater than or equal to zero). Then, it is verified that thebuffer has enough space to add the new optional block to it.

The parsing of operation 710 includes a parsing of the optional blockdata in the opt blocks parameter to validate it and to determine itslength and the number of optional blocks it contains in case the userhas prepared part of the buffer themselves such that the invention mustbe able to maintain a guarantee that the output array of optional blocksis completely valid. The parsing of operation 710 further prohibitsduplicate block tags, permits numeric block tags, verifies thatalphabetic block tags are properly formatted for the key block 400,verifies that the length fields are of sufficient length and determinesthat, if the num opt blocks parameter is equal to 99, another optionalblock cannot be added.

Following the parsing of operation 710, the optional block ID to beadded is validated at operation 720 where an attempt by the user to adda padding block “PB” is prevented. In accordance with operation 720,duplicate block tags to those already in the array are not allowed,numeric block tags are allowed and alphabetic block tags must beproperly formatted for the key block 400. Next, it is determined atoperation 730 where to store the new optional block within the buffer inaccordance with the value of the opt blocks parameter.

The new optional block is then inserted into the buffer in accordancewith the opt blocks parameter at the starting address computed above atoperation 740. The inserting includes a verification that the value inthe opt block id parameter is properly formatted, a copying of the valuefrom the opt block id parameter to the optional block field 490, averification that the value is appropriate, a conversion of the lengthvalue from the opt block data length parameter into a proper format, acopying of that properly formatted length value to the key block lengthfield 420, a verification that the data in the buffer is properlyformatted and a copying of the data passed in the opt block dataparameter to the key block 400.

At operation 750, the value of the opt blocks length parameter isupdated to indicate the new length after adding the new optional blocksuch that the value of the opt blocks length parameter equals the valueof the opt blocks length parameter plus the new data length parameter.At operation 760, the correct total new count in the value of the numopt blocks parameter for the optional blocks is returned in the value ofthe opt blocks parameter.

In accordance with further aspects of the invention, the user of firstcomputing device 20 may wish to be able to keep his CV cryptographicallybound to the key even when exporting the key token 100 in a key block400 in case the HSM of the second computing device 30 also implementsthe same architecture of the first computing device 20. Normally,however, key blocks 400 do not have specified methods for mappingproprietary key control data structures such as the CCA CV to the keyblock 400. Accordingly, a method is provided whereby proprietarymaterial is encoded in the key block 400 in a representation suitablefor the key block 400 with a secure recording of whether this operationis allowed or prohibited for a given CCA CV key being made.

The present method uses one optional block in the key block 400 anddefines a format and a processing method to encode the CV in theoptional block field 490. According to the key block 400 standards,certain numeric optional block tags represent proprietary informationbeing represented in the optional block field 490. The present methodconcerns 2 items. The first is securely encoding a policy decision madeby the user about whether the CCA key may be exported in the format ofthe key block 400. This policy is securely bound to the CCA key byexecuting the CCA key wrapping method inside the HSM such that if the CVpolicy bits are changed when the key carrying data structure is storedoutside the HSM then the CCA key material value will be different whenun-wrapped inside the HSM later and therefore useless. The second itemconcerns a formatting and an encoding of the data in the optional block‘data’ section with the resultant optional block field 490 being laidout in accordance with the following.

With reference to FIG. 5, when the user of the first computing device 20requests that the key token 100 be encoded in the key block 400 andrequests that the CV accompany it, the method proceeds in accordancewith the following. First, the parameters passed to the parameterdatabase 201 are validated at operation 800. Here, the key token 100 isdefined as a data structure containing a CV and a key cryptographicallybound to the CV such that altering the CV changes the key and renders ituseless, where the key token 100 is of a valid version and format,contains a key and a CV and the CV represents that the key token 100 isallowed to be exported in the key block 400. In addition, the key block400 is defined at least initially as a partially prepared key block 400with room for adding a new optional block and a count less than themaximum. Next, the necessary length for the CV data is computed andverified at operation 810 and an optional block tag and length fields ofthe key block 400 are prepared at operation 820. An identifier ofproprietary information, a sub block identifier and length fields areprepared at operation 830 and the CV is converted to a proper format atoperation 840. Finally, the optional block count is updated at operation850.

In an import operation, a user of the second computing device 30 passesthe following parameters to the parameter database 301, which isaccessed by the HSM of the second computing device 30 to importinformation from the key block 400 to the new key token 500. Theparameters include rule array keywords, such as a single key wrappingmethod, a “C0” sub group, a “K0” or “K1” sub group, a “V0”/“V1”/“V2” subgroup, an “E0”/“E2” sub group, an “E1” sub group, an “E5” sub group, akey derivation level and a key type modifier. The single key wrappingmethod may be one of “INTERNAL,” referring to an internal key token, and“EXTERNAL,” referring to an external key token. As defined by thetranslation table 302, each of the sub groups corresponds to aninstruction within the new key token 500.

Within the “C0” sub group may be one of CVK-CVV and a CVK-CSCinstructions to convert the key block 400 CVK instruction to a new keytoken 500 instruction for use in calculating various credit cardverification values. Within the “K0” or “K1” sub groups may be one ofEXPORTER, OKEYXLAT, IMPORTER and IKEYXLAT instructions for the key block400 K0-E/D or K0-B usage and mode keys to convert the key block 400 KEKinstruction to a new key token 500 type key. Within the “V0”/“V1”/“V2”sub group may be one of PINGEN and PINVER instructions to convert a keyblock 400 PIB verification key to a new key token 500 PINGEN or PINVERkey. Within the “E0”/E2″ sub group may be one of DMAC and DMVinstructions to convert the key block 400 EMV master key for applicationcryptograms or secure messaging instruction to new key token 500DKYGENKY type key with DMAC or DMV sub types. Within the “E1” sub groupmay be one of DMPIN and DDATA instructions to convert a key block 400EMV master key for Secure Messaging for Confidentiality instruction to anew key token 500 DKYGENKY type key with DMPIN or DDATA sub types.Within the “E5” sub group may be one of DMAC, DMV and DEXP instructionsto convert a key block 400 EMV master key for card personalization tothe new key token 500 type key with DMAC, DMV or DEXP sub types. Withinthe key derivation level may be one of DKYL0 and DKYL1 instructions toconvert the key block 400 EMV master key to the new key token 500 typekey at derivation level DKYL0 or DKYL1. Within the key type modifier maybe a NOOFFSET instruction, which is valid only for “V0”/“V1” key block400 usage values and which instructs the HSM of the second computingdevice 30 to import a PINGEN or PINVER type key into a key token 500that cannot participate in the generation or verification.

The parameters further include a tr31 key block length parameter, atr31key block parameter, an unwrap kek identifier length parameter, anunwrap kek identifier parameter, a wrap kek identifier length parameter,a wrap kek identifier parameter, an output key identifier lengthparameter, an output key identifier parameter, a num opt blocksparameter, a cv source parameter and a protection method parameter. Thetr31 key block length parameter points to an integer specifying thelength of the tr31 key block parameter. The tr31 key block parameterpoints to a string variable containing the key block 400 input key blockto be imported. The unwrap kek identifier length parameter points to aninteger specifying a length of the unwrap kek identifier parameter. Theunwrap kek identifier parameter points to a string variable containingthe new key token 500 containing the wrapping key to use for unwrappingthe tr31 key block parameter. If no wrap kek identifier is specified andthe ‘EXTERNAL’ rule array keyword is passed, this parameter will also beused for wrapping the new key token 500 for output as well. The wrap kekidentifier length parameter points to an integer specifying a length ofthe wrap kek identifier parameter. The wrap kek identifier parameterpoints to a string variable containing the new key token 500 containingthe wrapping key to use for wrapping the output new key token 500, if adifferent wrapping key is required and the ‘EXTERNAL’ rule array keywordwas passed. The output key identifier length parameter points to aninteger specifying a length of the output key identifier parameter. Oninput, it must specify the size of the buffer available, and on returnit is updated to contain the actual length of that returned token. Theoutput key identifier parameter points to a string variable where thenew key token 500 will be placed. The num opt blocks parameter points toan integer variable where the number of optional blocks that are presentin the key block 400 will be placed. The cv source parameter points toan integer variable that will hold, on output, a value indicating howthe CV in the output new key token 500 was created. It can be one of thefollowing three values: 0x00 indicating that no CV was present in a keyblock 400 optional and the output CV was created based on input rulearray keywords and the attributes in the key block 400, 0x01indicatingthat a CV was obtained from an optional block in the key block 400, thatthe usage and mode were also specified and that compatibility wasverified for these values with the CV and then that CV was used in theoutput new key token 500 or 0x02 indicating that a CV was obtained froman optional block in the key block 400, that the usage and mode held thepredefined values indicating that the included CV was the only source ofcontrol information and that the CV from the key block 400 was used asthe CV for the new key token 500. The protection method parameter pointsto an integer variable that will hold on output a value indicating whatmethod was used to protect the input key block 400. It can be one of thefollowing three values: 0x00, 0x01 or 0x02 indicating that the key block400 was protected using the method with the key block version ID “A”,“B”, or “C.”

With reference to FIG. 6, the import process will now be described.Initially, the conditions required for import are checked at operation900. The checking includes a validation of the rule array parameter, thevalidation including a minimum number of keywords and only 1 from eachrequired group of keywords and either 0 or 1 from each optional group ofkeywords, and a verification that none of the tr31 key block length,tr31 key block, unwrap kek identifier length, unwrap kek identifier,wrap kek identifier length, wrap kek identifier, output key identifierlength, output key identifier, num opt blocks, cv source and protectionmethod parameters are absent (i.e., they are null pointers).

The checking of operation 900 further includes a validation of the keytoken 100 passed to the parameter database 301 in the unwrap kekidentifier and wrap kek identifier parameters. This validation includesa verification that the value passed to the parameter database 301 withthe unwrap kek identifier parameter is valid and a verification that thevalue passed to the parameter database 301 with the wrap kek identifieris valid.

The checking of operation 900 further includes a verification of whetherthe key token 100 received in the unwrap kek identifier parameter has aCV with permission to unwrap or translate the tr31 key block parametervia the CV control set, a verification of whether the key token 100received in the wrap kek identifier parameter has a CV with permissionto wrap or translate the output key identifier parameter and avalidation of the key block 400. This validation includes a validationof whether the key block fields have valid values with properlyformatted text and particular field constraints and that the version ofthe key block 400 is supported.

This validation further includes parsing the optional block data in thekey block 400 referred to by the tr31 key parameter to validate it,determine its length and the number of optional blocks it contains. Theparsing includes verifying that the count of optional blocks correspondsto the count noted in the key block field for this count and to the numopt blocks parameter, confirming that the length fields are correct andproperly formatted, prohibiting duplicate optional block tags,permitting numeric optional block tags, verifying that alphabetic blocktags are properly formatter and, if a CV is found encoded in an optionalblock, translating the CV to binary data in preparation for validation.

Following the checking of operation 900, the method continues tooperation 910 by decrypting the key block 400 using the key-encryptingkey passed in the unwrap kek identifier parameter and the unwrappingmethod indicated by the key block version ID field 410 and, at operation920, validating the ACPs specific to the key block version ID field 410.Then, the CV to be used in the new key token 500 is determined atoperation 930. There are 3 determination possibilities: the CV may bepassed as an optional block with numeric key bock 400 usage and modevalues, the CV may be passed as an optional block with non-numeric keyblock usage and mode values that have to be checked against CV contentand no CV may be passed as an optional block in the key block 400.

Where the CV is passed as an optional block with numeric key bock 400usage and mode values, and if the key usage field 430 has a value of,for example, “10” and the modes of use field 450 has a value of, forexample, “1,” this CV will be used to construct the new key token 500(if the value are numeric but different, the process aborts with anerror). Where no CV is passed, the values of the key usage field 430 andthe modes of use field 450 are validated against the rule array keywordsthat specify further interpretation in building the new key token 500, akey type, sub type and restrictions are chosen using the translationtable 302 and the CV is created based on the chosen key type, sub typeand rule array keywords.

Where the CV is passed as an optional block with a non-numeric key usagefield 430 and a non-numeric modes of use field 450, compatibilitybetween attributes in the CV and the non-numeric key usage field 430 andthe non-numeric modes of use field 450 is verified using the translationtable 302. If no compatibility exists, the process aborts and, ifcompatibility exists, appropriate ACP(s) are checked for operation, itis validated that if the key-part bits are on that the key versionnumber field 460 is proper and this CV is used to construct the new keytoken 500.

At this point, the method proceeds by preparing and building the new keytoken 500 at operations 940 and 950, respectively. The preparing ofoperation 940 includes copying the chosen or created CV to a buffer andsetting version and attribute fields. The creating of operation 950proceeds as follows. If the ‘EXTERNAL’ rule array keyword is passed tothe parameter database 301, the unwrap kek identifier or the wrap kekidentifier parameters (if passed) are used to wrap key material from theunwrapped key block 400 along with the new CV with the result placed inthe wrapped key fields of the new key token 500. If the ‘INTERNAL’ rulearray keyword is passed, the HSM master key is used to wrap the keymaterial from the unwrapped key block 400 along with the new CV with theresult placed in the wrapped key fields of the new key token 500. Then,the value of the num opt block parameter is set according to the tr31num opt parameter and the values of the cv source and the protectionmethod parameters are set with reference to the translation table 302.The final output new key token 500 is then copied to the output keyidentifier parameter and the length in the output key identifier lengthparameter is updated.

In accordance with further aspects of the present invention, a methodfor parsing and validating information in the key block 400 andreturning specific and/or requested information about optional blockdata resident in the key block 400 is provided. In accordance with themethod, a user of the invention passes the following parameters, whichare all defined as pointers, to the parameter database 301. Theparameters may be passed in accordance with the invention, via othermethods or by value.

The parameters include a rule array parameter, a tr31 key lengthparameter and a tr31 key parameter. The rule array parameter points to astring variable containing a keyword indicating desired information. Thekeywords are 8 bytes in length and must be left-aligned and padded onthe right with space characters. The rule array keywords include INFO,which is associated with an instruction to return information about anentire array of optional blocks in the key block 400, and DATA, which isassociated with an instruction to return data contained in a specifiedoptional block from the array of optional blocks. The tr31 key lengthparameter points to an integer containing a length of the tr31 keyparameter and the tr31 key parameter points to a buffer containing thekey block 400 that is to be parsed.

Parameters for the rule array keyword INFO parameter include a num optblocks parameter, an opt block ids parameter and an opt block lengthsparameter. The num opt blocks parameter points to an integer containingthe number of optional blocks in the key block 400. The value iscompared to the corresponding value in the key block header and if theydo not match the method aborts with an error. The reason that thisparameter is included is that the sizes of the buffers the user mustprovide for the opt block ids and opt block lengths parameters isrelated to the number of optional blocks. If the user does not correctlyknow the number of optional blocks, it may have allocated buffers thatare too short. The opt block lengths parameter points to an array of16-bit unsigned integer values. On successful return from the method,the array pointed to by this parameter is populated with the length inbytes of each of the optional blocks contained in the key block 400 inthe same order they appear. This corresponds to the array returned inthe opt block ids parameter. The total length of the returned list willbe two times the number of optional blocks (a 16 bit unsigned integer is2 bytes of storage), therefore the user must supply a buffer with alength at least two times the value it passes in the num opt blocksparameter.

Parameters for the rule array keyword DATA parameter include an optblock id parameter, an opt block data length parameter and an opt blockdata parameter. The opt block id parameter points to a 2-byte stringwhich contains the identifier of the block for which the application isrequesting data. The opt block data length parameter points to aninteger variable containing the length for the opt block data parameter.On input, it must be set to the length of the buffer provided by theapplication program and, on output, it is updated to contain the lengthof the returned optional block data, in bytes. The opt block dataparameter points to a buffer where the verb stores the data it readsfrom the specified optional block. The buffer must have enough space forthe data, as indicated by the input value of the opt block data lengthparameter. On output, the optional block data corresponding to the optblock id parameter is copied to the buffer and its length is stored inthe opt block data length parameter.

With reference to FIG. 7, the method includes a verifying operation1000, an initial parsing operation 1010, a secondary INFO-parsingoperation 1020 and a secondary DATA-parsing operation 1030. Theverifying of operation 1000 includes a verification that none of therule array, tr31 key length and tr31 key are absent (i.e., they are nullpointers), a verification for the rule array keyword INFO that none ofthe num opt blocks, opt block ids and opt block lengths parameters areabsent (i.e., they are null pointers) and a verification for the rulearray keyword DATA that none of the opt block id, opt block data lengthand opt block data parameters are absent (i.e., they are null pointers).The verifying of operation 1000 further includes a verification that thetr31 key length parameter is not absent (i.e., that is not a nullpointer), a verification for the rule array keyword INFO that the numopt blocks parameter is not absent (i.e., that it is not a null pointer)and a verification for the rule array keyword DATA that the opt blockdata length parameter is not absent (i.e., that it is not a nullpointer). The verifying of operation 1000 still further includes avalidation that the key block fields in the tr31 key parameter areallowed value ranges. This includes validating the key block formattingof data is in the proper format and that a version of the key block 400is supported.

The initial parsing of operation 1010 parses the optional block data inthe key block 400 referred to by the tr31 key parameter to validate it,determine its length and the number of optional blocks it contains. Inaccordance with the parsing, a count of optional blocks must correspondto the count noted in the key block field for this count and to the numopt blocks parameter, the length fields must be properly formatted,duplicate optional block tags are not allowed, numeric optional blocktags are allowed and alphabetic block tags must conform to those of thekey block 400.

The secondary INFO-parsing of operation 1020 is employed for when therule array keyword INFO is present. Here, if no optional blocks arefound, the method sets the num opt blocks parameter to indicate zeroblocks and to return with an indication of success. Then, the key blockin the tr31 key parameter is parsed iteratively to find the tag andlength fields for each optional block in the header. While parsing, foreach optional block encountered, the block is added to an array in theopt block ids parameter containing each of the block tags, in the orderthey appear in the header and to an array in the opt block lengthsparameter containing each of the optional block lengths converted intothe proper format in the order they appear in the header.

The secondary DATA-parsing of operation 1030 is employed for when therule array keyword DATA is present. Here, if no optional blocks arefound, the method aborts. Then, the key block in the tr31 key parameteris parsed iteratively with the tag of each compared to the value in theopt block id parameter. If the requested tag is not found before the endof the optional block section is reached, the method aborts. Then, thedata section of that optional block is copied to the opt block dataparameter, with a length indicated by the length field of the optionalblock, the length field of the optional block is converted and placed asa value into the opt block data length parameter and a successfulnotification is returned to the user.

Technical effects and benefits of the present invention includeprovision of a method of secure translation such that a user need notoperate outside a hardware security module (HSM) and thus expose keymaterial. In accordance with the method, the user need not question anarray validity of optional blocks and a resulting array may be directlyused when creating a standardized key block. Also, the user is directlyenabled to export key tokens to key blocks and to import those keyblocks to key tokens without losing the key token information.

The terminology used herein is for the purpose of describing particularembodiments only and is not intended to be limiting of the invention. Asused herein, the singular forms “a”, “an” and “the” are intended toinclude the plural forms as well, unless the context clearly indicatesotherwise. It will be further understood that the terms “comprises”and/or “comprising,” when used in this specification, specify thepresence of stated features, integers, steps, operations, elements,and/or components, but do not preclude the presence or addition of oneor more other features, integers, steps, operations, elements,components, and/or groups thereof.

The corresponding structures, materials, acts, and equivalents of allmeans or step plus function elements in the claims below are intended toinclude any structure, material, or act for performing the function incombination with other claimed elements as specifically claimed. Thedescription of the present invention has been presented for purposes ofillustration and description, but is not intended to be exhaustive orlimited to the invention in the form disclosed. Many modifications andvariations will be apparent to those of ordinary skill in the artwithout departing from the scope and spirit of the invention. Theembodiment was chosen and described in order to best explain theprinciples of the invention and the practical application, and to enableothers of ordinary skill in the art to understand the invention forvarious embodiments with various modifications as are suited to theparticular use contemplated.

Further, as will be appreciated by one skilled in the art, aspects ofthe present invention may be embodied as a system, method, or computerprogram product. Accordingly, aspects of the present invention may takethe form of an entirely hardware embodiment, an entirely softwareembodiment (including firmware, resident software, micro-code, etc.) oran embodiment combining software and hardware aspects that may allgenerally be referred to herein as a “circuit,” “module” or “system.”Furthermore, aspects of the present invention may take the form of acomputer program product embodied in one or more computer readablemedium(s) having computer readable program code embodied thereon.

Any combination of one or more computer readable medium(s) may beutilized. The computer readable medium may be a computer readable signalmedium or a computer readable storage medium. A computer readablestorage medium may be, for example, but not limited to, an electronic,magnetic, optical, electromagnetic, infrared, or semiconductor system,apparatus, or device, or any suitable combination of the foregoing. Morespecific examples (a non-exhaustive list) of the computer readablestorage medium would include the following: an electrical connectionhaving one or more wires, a portable computer diskette, a hard disk, arandom access memory (RAM), a read-only memory (ROM), an erasableprogrammable read-only memory (EPROM or Flash memory), an optical fiber,a portable compact disc read-only memory (CD-ROM), an optical storagedevice, a magnetic storage device, or any suitable combination of theforegoing. In the context of this document, a computer readable storagemedium may be any tangible medium that can contain, or store a programfor use by or in connection with an instruction execution system,apparatus, or device.

A computer readable signal medium may include a propagated data signalwith computer readable program code embodied therein, for example, inbaseband or as part of a carrier wave. Such a propagated signal may takeany of a variety of forms, including, but not limited to,electro-magnetic, optical, or any suitable combination thereof. Acomputer readable signal medium may be any computer readable medium thatis not a computer readable storage medium and that can communicate,propagate, or transport a program for use by or in connection with aninstruction execution system, apparatus, or device.

Program code embodied on a computer readable medium may be transmittedusing any appropriate medium, including but not limited to wireless,wireline, optical fiber cable, RF, etc., or any suitable combination ofthe foregoing.

Computer program code for carrying out operations for aspects of thepresent invention may be written in any combination of one or moreprogramming languages, including an object oriented programming languagesuch as Java, Smalltalk, C++ or the like and conventional proceduralprogramming languages, such as the “C” programming language or similarprogramming languages. The program code may execute entirely on theuser's computer, partly on the user's computer, as a stand-alonesoftware package, partly on the user's computer and partly on a remotecomputer or entirely on the remote computer or server. In the latterscenario, the remote computer may be connected to the user's computerthrough any type of network, including a local area network (LAN) or awide area network (WAN), or the connection may be made to an externalcomputer (for example, through the Internet using an Internet ServiceProvider).

Aspects of the present invention are described below with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems) and computer program products according to embodiments of theinvention. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer program instructions. These computer program instructions maybe provided to a processor of a general purpose computer, specialpurpose computer, or other programmable data processing apparatus toproduce a machine, such that the instructions, which execute via theprocessor of the computer or other programmable data processingapparatus, create means for implementing the functions/acts specified inthe flowchart and/or block diagram block or blocks.

These computer program instructions may also be stored in a computerreadable medium that can direct a computer, other programmable dataprocessing apparatus, or other devices to function in a particularmanner, such that the instructions stored in the computer readablemedium produce an article of manufacture including instructions whichimplement the function/act specified in the flowchart and/or blockdiagram block or blocks.

The computer program instructions may also be loaded onto a computer,other programmable data processing apparatus, or other devices to causea series of operational steps to be performed on the computer, otherprogrammable apparatus or other devices to produce a computerimplemented process such that the instructions which execute on thecomputer or other programmable apparatus provide processes forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present invention. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof code, which comprises one or more executable instructions forimplementing the specified logical function(s). It should also be notedthat, in some alternative implementations, the functions noted in theblock may occur out of the order noted in the figures. For example, twoblocks shown in succession may, in fact, be executed substantiallyconcurrently, or the blocks may sometimes be executed in the reverseorder, depending upon the functionality involved. It will also be notedthat each block of the block diagrams and/or flowchart illustration, andcombinations of blocks in the block diagrams and/or flowchartillustration, can be implemented by special purpose hardware-basedsystems that perform the specified functions or acts, or combinations ofspecial purpose hardware and computer instructions.

1. A computer program product comprising a tangible storage mediumreadable by a processing circuit and on which instructions are storedfor execution by the processing circuit for: validating parameterspassed to a parameter database; computing a length required for controlvector (CV) data; preparing an optional block in accordance with aresult of the computation; converting the CV to a format for astandardized key block while copying the converted CV into the optionalblock; and updating optional block data in the standardized key block.2. The computer program product according to claim 1, wherein thevalidating comprises: defining a key token as a data structurecontaining the CV and a key control information cryptographically boundto the CV such that altering the CV changes the key control information;and preparing the standardized key block.
 3. The computer programproduct according to claim 2, wherein the defining further comprisesconfirming that the key token is of a valid version and format, that thekey token contains the key control information and the CV and that theCV represents that the key token is exportable.
 4. The computer programproduct according to claim 2, wherein the preparing comprises confirmingthat the key block has room for adding a new optional block and a countless than a predefined maximum.
 5. The computer program productaccording to claim 1, wherein the computing comprises: computing arequired length for the CV data; computing required lengths of subblocks.
 6. The computer program product according to claim 5, whereinthe preparing of the optional block comprises: preparing an optionalblock tag and length fields of the standardized key block; and preparingan identifier of proprietary information, a sub block identifier andlength fields.
 7. The computer program product according to claim 1,wherein the updating comprises updating a count of optional blocks andan overall length field of the standardized key block. 8-14. (canceled)15. A system comprising a processing circuit configured validateparameters passed to a parameter database; compute a length required forcontrol vector (CV) data; prepare an optional block in accordance with aresult of the computation; convert the CV to a format for a standardizedkey block while copying the converted CV into the optional block; andupdate optional block data in the standardized key block.
 16. The systemaccording to claim 15, wherein the validation comprises: defining a keytoken as a data structure containing the CV and a key controlinformation cryptographically bound to the CV such that altering the CVchanges the key control information; and preparing the standardized keyblock.
 17. The system according to claim 16, wherein the definingfurther comprises confirming that the key token is of a valid versionand format, that the key token contains the key and the CV and that theCV represents that the key token is exportable.
 18. The system accordingto claim 16, wherein the partial preparing comprises confirming that thekey block has room for adding a new optional block and a count less thana predefined maximum.
 19. The system according to claim 15, wherein thecomputation comprises: computing a necessary length for the CV data;computing necessary lengths of sub blocks, and the preparing of theoptional block comprises: preparing an optional block tag and lengthfields of the standardized key block; and preparing an identifier ofproprietary information, a sub block identifier and length fields. 20.The system according to claim 15, wherein the update comprises updatinga count of optional blocks and an overall length field of thestandardized key block.